--- Day changed Mon Oct 19 2015
00:29 < jonasschnelli> gmaxwell: thanks for your comments on the digitalbitbox hardware project. I really like to see the switch from the micro EC library (uECC.c by Kenneth MacKay) to libsecp256k1. Although libsecp will probably still be too big to place in the bootloader space to verify firmware updates.
00:37 < gmaxwell> jonasschnelli: how small does it need to be for that? -- uECC.c is a generic codebase, which fundamentally should make it larger than what libsecp256k1 would be without inlining and specialized versions and fast tables and such.
00:39 < gmaxwell> jonasschnelli: though a schnorr verifier would be smaller, as it would not need a scalar inverse or, if it used the batch incompatible trick, a field inverse either.
00:39 < jonasschnelli> gmaxwell: hmm... okay. Will ask Douglas (the on-chip dev). I think the Trezor guys do verify ec signature in the bootloader (whole BL probably <32kb).
00:40 < gmaxwell> I was going to ask why bootloader, just chain from the last install.. but that's rather brickable.
00:41 < jonasschnelli> gmaxwell: A schnorr verifier would be a good idea. Also we'd like to have the firmware ready to produce schnorr signatures (currently not exposed through the off-chip app).
00:42 < gmaxwell> you cannot do that in the firmware you ship-- not for bitcoin use (for firmware updates or what not); and there is no specification yet and no promises that anything we have right now will be remotely compatible.
00:42 < jonasschnelli> for the firmware verification we need a DSA. Otherwise i think it's problematic. Douglas also tends to disable firmware update in general... which i think is risky.
00:43 < gmaxwell> By DSA you mean signature algorithm, correct?
00:43 < jonasschnelli> gmaxwell: yes.
00:43 < gmaxwell> By "chain from the last install" I mean, use the prior version to verify the new version.
00:44 < jonasschnelli> gmaxwell: Ah. Hm... that could work...
00:44 < jonasschnelli> b.t.w. we also use ECDH do pair the smartphone (for a 2FA / verification of the signing data)
00:44 < jonasschnelli> s/do/to
00:45 < jonasschnelli> (together with a LED blink code to reduce MiTM attacks)
02:13 -!- gmaxwell [greg@wikimedia/KatWalsh/x-0001] has quit [Remote host closed the connection]
02:13 -!- gmaxwell [greg@mf4-xiph.osuosl.org] has joined #secp256k1
02:14 -!- gmaxwell is now known as Guest89849
03:20 -!- jtimon [~quassel@212.Red-88-5-10.dynamicIP.rima-tde.net] has joined #secp256k1
06:19 -!- evoskuil [~evoskuil@c-73-225-134-208.hsd1.wa.comcast.net] has quit [Ping timeout: 260 seconds]
09:18 -!- Guest89849 is now known as gmaxwell
09:18 -!- gmaxwell [greg@mf4-xiph.osuosl.org] has quit [Changing host]
09:18 -!- gmaxwell [greg@wikimedia/KatWalsh/x-0001] has joined #secp256k1
--- Log closed Mon Oct 19 09:30:46 2015
--- Log opened Mon Oct 19 09:31:32 2015
09:31 -!- kanzure [~kanzure@unaffiliated/kanzure] has joined #secp256k1
09:31 -!- Irssi: #secp256k1: Total of 20 nicks [1 ops, 0 halfops, 0 voices, 19 normal]
09:38 -!- waxwing [~waxwing@62.205.214.125] has joined #secp256k1
09:40 -!- Irssi: Join to #secp256k1 was synced in 574 secs
09:43 -!- Ylbam [uid99779@gateway/web/irccloud.com/x-qbcxeduyeasabbni] has joined #secp256k1
09:44 -!- Ylbam [uid99779@gateway/web/irccloud.com/x-qbcxeduyeasabbni] has left #secp256k1 []
09:50 -!- ghtdak [~ghtdak@unaffiliated/ghtdak] has joined #secp256k1
09:55 -!- maaku [~quassel@botbot.xen.prgmr.com] has quit [Remote host closed the connection]
09:56 -!- maaku [~quassel@botbot.xen.prgmr.com] has joined #secp256k1
09:57 -!- maaku is now known as Guest17159
10:44 < gmaxwell> sipa: do you mind if I make secp256k1_ec_pubkey_create terminate early on zero or overflow? Right now it can hit a runtime assertion, e.g. for a secret key of 0 it chokes on trying to serialize infinity. :P
10:53 -!- Guest17159 is now known as maaku
10:54 < gmaxwell> sipa: thoughts on moving privkey_export and privkey_import to contrib? do we really want to encourage people to use these things?
11:04 -!- evoskuil [~evoskuil@c-73-225-134-208.hsd1.wa.comcast.net] has joined #secp256k1
11:29 -!- maaku [~quassel@botbot.xen.prgmr.com] has quit [Remote host closed the connection]
11:30 -!- maaku [~quassel@botbot.xen.prgmr.com] has joined #secp256k1
11:30 -!- maaku is now known as Guest13301
11:31 -!- Guest13301 is now known as maaku
12:41 -!- maaku__ [~quassel@173-228-107-141.dsl.static.fusionbroadband.com] has joined #secp256k1
12:44 < gmaxwell> sipa: pubkey_tweak_mul and privkey_tweak_mul behave inconsistently with a tweak of zero. Privkey leaves the secret unchanged, pubkey zeroizes the pubkey object. Which behavior do you want?
14:07 -!- midnightmagic [~midnightm@unaffiliated/midnightmagic] has quit [Ping timeout: 250 seconds]
14:12 -!- midnightmagic [~midnightm@unaffiliated/midnightmagic] has joined #secp256k1
14:40 -!- midnightmagic_ [~midnightm@unaffiliated/midnightmagic] has joined #secp256k1
14:43 -!- midnightmagic [~midnightm@unaffiliated/midnightmagic] has quit [Disconnected by services]
14:44 -!- midnightmagic_ is now known as midnightmagic
17:54 < gmaxwell> booya. branches...: 90.9% (891 of 980 branches)
19:18 <@andytoshi> awesome!!
20:21 -!- jtimon_ [~quassel@212.Red-88-5-10.dynamicIP.rima-tde.net] has quit [Ping timeout: 256 seconds]
22:04 -!- phantomcircuit [~phantomci@strateman.ninja] has quit [Ping timeout: 260 seconds]